SYSK 74: Are You Using SecureString Class?

The new System.Security.SecureString type (introduced in .NET 2.0) uses DPAPI's in-memory encryption to help ensure that sensitive data stored in string form is not exposed to memory-sniffing or disk-sniffing (page file, crash dump) attacks. The data is held in memory in encrypted form and is only decrypted when accessed; the plaintext copy produced by that access lives in unmanaged memory and is the caller's responsibility to zero when done.

So, you can figure it’s great for storing secrets – passwords, cached connection strings, and other sensitive data.

But first, why is the String class not sufficient? For at least four reasons:

1. There is no way to erase them: String is immutable, so the characters stay in memory until the GC reclaims the object.

2. The GC does not zero out memory when it frees it.

3. GC compaction is NOT deterministic, so you cannot predict when (or whether) the memory holding the secret will be reused.

4. The GC may move strings around during compaction and leave several copies of the secret in memory.

The new SecureString class stores your content encrypted; you can delete it (Dispose) when it is no longer needed; the class and its data are not visible to COM (even though DPAPI is used for the encryption); you can lock the string down (MakeReadOnly) to prevent any further changes to it. And, finally, the class itself has no methods to inspect, compare or convert its content: the only way to get at the plaintext is through the System.Runtime.InteropServices.Marshal helpers (e.g. SecureStringToBSTR), which copy it into unmanaged memory that you must zero afterward (ZeroFreeBSTR).
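The following is an added example, not code from the original post, showing the whole lifecycle described above: a password is read from the console straight into a SecureString (never touching a System.String), the instance is locked with MakeReadOnly, the plaintext is exposed only briefly as a BSTR that is zeroed in a finally block, and two secrets are compared without converting either to a managed string. It assumes Windows/.NET Framework, where SecureString actually encrypts its buffer (on .NET Core for non-Windows platforms the contents are not encrypted); the helper names ReadPassword, UseSecret and SecretsEqual are my own.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

// Added example (not from the original post). Helper names are mine.
static class SecureStringDemo
{
    // Read a password from the console without ever holding it in a
    // System.String: each keystroke goes straight into the SecureString.
    static SecureString ReadPassword()
    {
        var secret = new SecureString();
        ConsoleKeyInfo key;
        // ReadKey(true) intercepts the key so it is not echoed to the console.
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secret.Length > 0) secret.RemoveAt(secret.Length - 1);
            }
            else if (!char.IsControl(key.KeyChar))
            {
                secret.AppendChar(key.KeyChar);
            }
        }
        Console.WriteLine();
        secret.MakeReadOnly();   // AppendChar/RemoveAt/Clear now throw InvalidOperationException
        return secret;
    }

    // Hand the decrypted contents to code that needs them, then scrub the copy.
    // The plaintext exists (as a BSTR in unmanaged memory) only inside the try block.
    static bool UseSecret(SecureString secret, Func<IntPtr, int, bool> consumer)
    {
        IntPtr bstr = IntPtr.Zero;
        try
        {
            bstr = Marshal.SecureStringToBSTR(secret);   // decrypts into a fresh BSTR
            return consumer(bstr, secret.Length);
        }
        finally
        {
            if (bstr != IntPtr.Zero)
                Marshal.ZeroFreeBSTR(bstr);              // zero the plaintext, then free it
        }
    }

    // Compare two SecureStrings without creating a System.String.
    // The loop visits every UTF-16 unit regardless of where the first
    // difference is, so timing does not reveal the matching prefix length.
    static bool SecretsEqual(SecureString a, SecureString b)
    {
        if (a.Length != b.Length) return false;
        return UseSecret(a, (pa, len) =>
            UseSecret(b, (pb, _) =>
            {
                int diff = 0;
                for (int i = 0; i < len; i++)
                    diff |= Marshal.ReadInt16(pa, i * 2) ^ Marshal.ReadInt16(pb, i * 2);
                return diff == 0;
            }));
    }

    static void Main()
    {
        Console.Write("Password: ");
        using (SecureString pw = ReadPassword())
        {
            Console.Write("Again: ");
            using (SecureString again = ReadPassword())
            {
                Console.WriteLine(SecretsEqual(pw, again) ? "match" : "mismatch");
            }
        }   // Dispose() zeroes and frees the encrypted buffer
    }
}
```

Two points worth keeping in mind when you adapt this: the protection only holds while the data stays inside the SecureString, so never call a convenience that turns it back into a System.String (the managed copy would have every problem listed above), and any API that accepts the BSTR pointer must finish with it before the finally block runs, since ZeroFreeBSTR destroys the plaintext.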